Of course they'll tell you that. In fact, haven't you realised? You ARE their intellectual property. All you iSheep, Twits and FacePalmers. Go on, put your private life on teh intertubes for all to see. Check in with FourSquare to become the mayor of burger king to get a 10% discount on your next piece of crap for lunch, and watch your insurance company make a silent note. Write on your wall about your cool new Nike Football shoes, and watch targeted advertising appear to you for other football related products.

You and I know that 'publicly' means 'on any server you don't control'. The masses think 'publicly' means 'on a site that doesn't have access control'. People don't realise that 'private' communications on FaceBook may not be seen by the world at large, but that are seen by anyone who pays FaceBook (including the CIA, which seems a bit silly because you'd have to be a total moron to use something like FaceBook if you're planning the sort of things that the CIA cares about).

Yes, to both. My email is hosted on a server that I do control, but as soon as it is sent to someone else's server, it's effectively public. Internet banking data is shared with credit rating agencies, as noted in the T&Cs attacked to my bank account.

Indeed, although there is not much personal information on Slashdot. The problem is not that people have public lives, it is that Facebook greatly expands the scope of what is "public" while greatly diminishing the scope of what is "private." The information Facebook collects is much broader in scope than Slashdot, and extends beyond what people actively post on Facebook.

There is also the matter that supposedly private messages on Facebook are not really private at all, a classic case of the "third party server" problem. Unlike email, for which there are well-developed (but rarely used) methods of keeping private messages private, Facebook is designed to thwart such efforts (e.g. to encrypt an email, I can just hit a checkbox, assuming keys have been set up; to encrypt a Facebook message, I have to manually invoke a cryptosystem, copy and paste, and so forth -- a pain even for technically competent users). For most people, the "privacy" issue on Facebook is related to what their friends, coworkers, and potential future contacts can see -- very few people give any thought to the amount of information that Facebook itself has, and for many Facebook has become the primary means of communication.

Here's an idea: a browser plugin to encrypt/decrypt messages on facebook. Only people to whom you have given the key can make sense of your messages... Of course, don't send out the keys via facebook...

Indeed, although there is not much personal information on Slashdot. The problem is not that people have public lives, it is that Facebook greatly expands the scope of what is "public" while greatly diminishing the scope of what is "private." The information Facebook collects is much broader in scope than Slashdot, and extends beyond what people actively post on Facebook.

The Facebook website is one thing, the Like-buttons on thousands of websites, that's my biggest concern. Whenever you visit such a page, FB logs your visit because that button/script is loaded from their site. Whether you're logged into FB or not, they still log your visit and your IP-address. They obviously don't want you to know that they know which websites you visited and when. Maybe people on/. know about this, but 99% of the regular FB visitors probably don't.

Why is this bad? I'd rather see ads for things I like and might consider buying than scattershot ads for shit I'd never use.

If only it were actually that good. Every time I see an ad for a company whose products compete with products made by my employer (that I thus almost certainly wouldn't even consider buying), I conclude that they must not be doing much more than a trivial keyword search (and they know who my employer is, so that's just a Facepalm right there).

The kind of advertisement that does affect me, if you can call it that, is word-of-mouth advertisement. Specifically, if you make a good product, and people give it consistently good reviews, I'm more likely to buy your product. If you make a s**tty product that falls apart in six months, I'm more likely to call up a manufacturer in China and go into business against you (which isn't very likely to happen at all, but is still a heck of a lot more likely than me buying your junk product).

I'm not sure a Chinese manufacturer is where I'd go if my goal were to produce a high quality product rather than an inexpensive one.

You can make high quality products with Chinese manufacturers, but you have to be very selective about which manufacturers you'll work with, and you have to pull random inspections to ensure that they are actually doing the QA testing they claim to be doing. Otherwise they'll send you half junk.

A lot of it also depends on the design work that went into it. If you've done the board layout and testing yourself, repeatedly ordering new test runs until you get a layout with perfect or near-perfect yield, you'

After finding a brand of shoes I like, I buy them in bulk. I'm just reaching the end of the stack of shoe boxes I bought four or five years ago. It's almost time to buy shoes again.

As for clothing, I have a closet full of short-sleeve shirts, and a closet full of long-sleeve shirts. Clothes last a long time if you wear them only once per month. Also, my parents often give me a shirt or two for Christmas, which further reduces the need to actually shop for clothes. And I buy white socks in bulk every fe

Why is this bad? I'd rather see ads for things I like and might consider buying than scattershot ads for shit I'd never use.

I take it you missed the Slashdot story a couple of years ago about Amazon giving different prices based on the browser you use? Targeted advertising isn't where it ends. Companies like Google and Facebook often record enough information to tell how much you shop around before buying things, for example. It doesn't take much data mining to work out how much you'd be willing to pay for a specific product. Next time you visit an online store, you may find it's exactly that amount. Meanwhile, it costs 20%

Check in with FourSquare to become the mayor of burger king to get a 10% discount on your next piece of crap for lunch, and watch your insurance company make a silent note.

Why is this bad? I eat healthy, and am healthier for it. Why should I have to subsidize the lard-asses who eat at BK every day?

The way to deal with the public cost of fast food is to put a surtax on it and apply that money to the health care system. Like they do with cigarettes.
That way the fatties can lead their miserable lives and the rest of us don't have to pay for it. Much in the same way I don't have to pay for your devil-may-care attitude towards surveillance. I do my best to protect my information. Most of the sheep don't know or care. It's surprising that you do know and don't care, but that's your privilege.

well, the thing is, there's a reason there's the "europe" in the complaining groups name.

they're required to give you a copy of the records. sure, they can try to make a mint with them - it's not fb's loss when it leads to no sales, it's the stupid advertisers loss. but I guess a lot of that is problematic for fb as they don't have actual records, more like an ever living live record. it's pretty easy to target advertisements just based on what you were served on that page push, but keeping a record of that

Write on your wall about your cool new Nike Football shoes, and watch targeted advertising appear to you for other football related products.

b) Even if I didn't, I'd rather see relevant ads than the random crap I'd get otherwise.

Both sides of this point have their merit. On the one hand, I case about my privacy, and don't want companies to profile everything I do. On the other hand, I'd rather see relevant ads than irrelevant ads. Should I sell my soul for comfort? Or stubbornly resist the flow and accept all the annoyances it brings? I'm not quite sure.

For the most part, they don't seem to be doing a terribly good job at showing me relevant ads, though. Except YouTube; ever since I googled for accountant services, YouTube keeps sh

I live in a small community. FaceBook, Twitter, all still more private than what is already considered public here. I hope my area is just an isolated case. If it isnt, then I'm tempted to say privacy has always been an de facto illusion. To borrow a phrase, it was privacy through obscurity, and easier done in urban areas.

Of course they'll tell you that. In fact, haven't you realised? You ARE their intellectual property. All you iSheep, Twits and FacePalmers. Go on, put your private life on teh intertubes for all to see. Check in with FourSquare to become the mayor of burger king to get a 10% discount on your next piece of crap for lunch, and watch your insurance company make a silent note. Write on your wall about your cool new Nike Football shoes, and watch targeted advertising appear to you for other football related products.
The herd is a goldmine, ripe for the picking.

Yes, because only providing the "necessary" information such as name, SSN, birthdate, address, employer, annual salary, spouses information and SSN, your first car you ever owned, the name of your first grade teacher, your entire employment history, your entire medical history...the neverending plethora of VERY personal information you have to provide to various agencies throughout your adult life is MUCH much more secure because those agencies NEVER have security breaches, exposing millions of records at a

Keep on drinking the Kool-Aid then chum. It starts with the anonymous herd, and ends with the individual when they become interesting. How much do you think your soon to be ex-wife's divorce lawyer would like to pay to get you fully profiled and sniff out any dirt on you? Of course it can be done via conventional means, it's just much quicker and more efficient online.

And with such information easily available, employers are even depending on it and starting to thumb their noses at wiseass technophobes that know better than to whore themselves out to social networks.

I'm anti-religion too. I don't care what you do on your own if it doesn't affect me, but religion scares me.

The prime example is all those Christians waiting for the rapture, hoping for it. These people actually want the world to end. Wars, environmental catastrophes, political upheavals, etc., are signs from "God" to these people. There are a lot of them, and they are allowed to vote, run for political office and make law.

It is NPC to criticize religion. How did that happen when it has the capabi

So you, by definition, have knowledge of all of you personal information (otherwise it wouldn't be personal), they must think that they have a way of turning knowledge about your self that is available to you consciously, into information that isn't, for example by analyzing your web history, or use of language, or friends, in order to predict certain cultural preferences, or ad susceptibility. That's perfectly believable, and no, you probably aren't entitled to it. If you don't want them building models of you, don't submit your information.

It might even be more fun than that. Maybe they know things about you that you never told them, like your gender or age. I would also tend to believe that if they're able to figure out this information about people they're probably entitled to keep the fact of their knowing secret.

If they are adding that as information about "you" to the folks they sell your information to, you should be entitled to get it under a request of "what information about me do you have" - not a "what information have I given to you about me, minus all the other stuff you worked out on your own...".

However, I can also see that giving all that information may well end up opening an interesting kettle of fish. What if one of their derived bits of information about you were that you were a white supremacist? W

It might even be more fun than that. Maybe they know things about you that you never told them, like your gender or age. I would also tend to believe that if they're able to figure out this information about people they're probably entitled to keep the fact of their knowing secret.

Disclaimer, I am not a lawyer, but insofar as I understand the law this cannot apply in Europe - in Europe they are required by law to give you access to all personal data stored about you so that you can correct or remove it. See the Personal Data Law [europa.eu], specifically the data subject's "right of access" to personal data.

Depends on the jurisdiction I would think, but in the UK the Freedom of Information Act gives any person the right to demand to see any and all information held by a company about them (for a nominal fee to cover admin costs). This, AFAIK, is not limited to information you have directly given them,

I think it must go further than that. A coworker today was wondering why Facebook recommended as a friend a person that we recognise the name of from within our company, but in an overseas branch. They have no Facebook friends in common. He's never sent or received mail from her on a personal account (he's obviously signed up to Facebook on one of those accounts), never given Facebook any clue as to his work email or even the place he works. I was thinking there must be a simple explanation, but maybe there

. A coworker today was wondering why Facebook recommended as a friend a person that we recognise the name of from within our company, but in an overseas branch.

I've got a better one: A colleague who has a facebook account but has never posted anything, not a photo, not even information in the profile got a recommendation from Facebook to add as a friend someone who is in her cancer survivor's group. The absolutely only bit of information about her that she's been able to find on Facebook is a photograph from a different friend's profile in which she appears but is not named in the photo's info. As I said, she has never posted anything about herself and the person who was recommended to her is not the facebook friend of a facebook friend.

Wrap your head around that one. Now maybe there's some bit of data she forgot about or some connection she has been unable to learn, but she's really a detail-oriented person and has just not been able to determine how this connection was made.

Either way, it's creepy as hell and she deleted her account, although she has no misconceptions that anything collected about her has been deleted. I guess you would say she "closed" her account because it does not appear that Facebook ever willingly relents a scrap of info.

I never really liked it much, but I just won't touch that shit any more. I hate to sound like an eccentric old crank but I've been writing letters a lot more lately. I don't even let my eyes linger on the Facebook icon on any webpages I read.

personal information isn't just what you personally divulge. if someone mentions your name in a facebook/twitter/slashdot post (even if someone else sharing the same name), you may be automatically associated with that person (and you may have no idea you were even mentioned anywhere), so even the facephobes may be profiled without their knowing. you don't even need a facebook account. web crawling is all just associative data. though i bet google has bigger treasure troves of this data than facebook.

nothing wrong with being a facephobe. i have a facebook account, but its pretty much so my wife can tag me in her photos. i hate social networking, but i also hate socialising. slashdot is about as social as i prefer

The simplest "people you may know" method is to mine people's contacts when they voluntarily upload them (email, phone, IM, etc.) in a "find my friends" flow. Most of the "holy crap it's my decade-ago ex-girlfriend" style shocks I get are because they still have me in an address book somewhere and they shared it.

colleague who has a facebook account but has never posted anything, not a photo, not even information in the profile got a recommendation from Facebook to add as a friend someone who is in her cancer survivor's group. The absolutely only bit of information about her that she's been able to find on Facebook is a photograph from a different friend's profile in which she appears but is not named in the photo's info. As I said, she has never posted anything about herself and the person who was recommended to h

simple. your colleague user her email address to sign up, which the other cancer survivor hat previously entered into facebook search to figure whether she is on facebook. facebook remembered the search even though it didn't return any matches at the time, but made good use of it by suggesting a probable friend candidate. creepy: yes
creepy by facebook creepiness standards(R): no

After reading (well, skimming anyways) TFA, I really feel I should point out Facebook didn't say in TFA that the personal information was a trade secret, only that it would be an exception if it was. Possibly, they omitted information under the other exception, which is if it is exceptionally difficult to provide the information, and only gave both exceptions for maximum ass-coverage (and tinfoil-hat coverage too, apparently).

It wouldn't surprise me at all if they had more information than you gave them (su

If you don't want them building models of you, don't submit your information.

How many people are willing to stand up to their friends and say, "No, I am not on Facebook, please send me an email if you want to invite me to an event?" How many people are knowledgeable enough to take the time to set up ABP and NoScript, or to configure the equivalent in their browser of choice? The problem with not participating in Facebook is that it is spread out all over the web, large numbers of people use it as their primary means of communicating, and many people simply assume that everyone i

If you don't want them building models of you, don't use the internet.
Do you seriously believe that not choosing to have an account protects you at all? Do you not see all the Facebook hooks everywhere? And no, blocking their domain is not a reasonable solution for the masses, and still won't prevent your details from entering their database.

.... use of language, or friends, in order to predict certain cultural preferences, or ad susceptibility. That's perfectly believable, and no, you probably aren't entitled to it. If you don't want them building models of you, don't submit your information.

Under EU privacy laws they must, upon request, provide you with all the information they have about you. And upon request they must also delete any personal information.
If there's really anything to this story (and facebook doesn't back down), I think facebook will loose in court...

Yeah, but if you start stripping away these things, it starts to lose the essence of being a "product". If you remove the requirement to be owned or controlled by the people trying to sell a product, in what sense is it a product? More relevantly, in what sense are you not a client? And besides, if products do not have this requirement, then does the word "product" deserve the negative stigma it receives?

Certainly in the US not all personal data is legally available to the consumer. The data collected by credit agencies must be disclosed, but in my experience the score the consumer gets is not the same as the score the retailer gets. The retailer is the customer, while the consumer is simply a drain on profits.

Millions of people are willing to give retailers personal data in exchange for a discount off inflated prices. The customer in retailer is quickly becoming the firms that buy data. I wonder how

I created a free site, truefriender [truefriender.com] but the free users are subsidized by the paying users, the 5 gig account is free. And unlike facebook, since there is a direct path to income, advertisements are not needed, and neither is personal information, so we encrypt everything. We are trying to make a secure private social network. Please don't mod this down cause I'm just trying to get the word out to people who might be interested in this service.

No, the product is the data--your data. The service is an expense, the cost of doing business, the means to acquire and aggregate that data to be sold.

Facebook, Twitter, Google and the like have already gone far from trying to offer a good service which is subsidized by advertising. The advertising and data brokering is now their business model and their main focus, and the service is collateral that is maximized to fulfill that model.

Your friends are already doing it for you. They're tagging you in pictures, and writing about what you did with them, who you're with, who your friends are, and certain other details about your personal life.

Bank? Yes. Checks? Haven't written one for the past 4 years. Credit card? Yes I have 3. Discount card? No. Job? Self employed. SSN? Nope, not in the US. Visa? Nope, I'm Canadian so I don't need one for the US. House? I own corporations that own houses. The corporations were originally created with third parties as shareholders and I ended up buying all the shares privately. My annual general meetings are very short. Line of credit? Nope, don't need it. Google? Yeah I use the search engine. Hotmail? For non

Much much more than you would suspect. Any friends who use Facebook? Are there records of the corporations you bought and own (sweet gig there, BTW)? And of course, all your credit info from the cards is available (online from credit report sites). Also, I imagine you have a drivers license (not sure how info from that woks in Canada, though)

Now, this info isn't necessarily available entirely or easily to most people. But to major companies? Hell yeah. Even the houses could be traced back to you pretty e

Unlike some governments, businesses are not subject to "Freedom of Information" queries.

Nor do you have any "rights" other than those set out in the terms of service, other than the right to refuse those terms and go elsewhere.

Surely these Austrians aren't naive enough to think they're going to shove their laws down an international organization's throat? If they object that strongly, try to have Facebook blocked and banned from Austria. That is and should be their only legal recourse -- you cannot h

Surely these Austrians aren't naive enough to think they're going to shove their laws down an international organization's throat? If they object that strongly, try to have Facebook blocked and banned from Austria. That is and should be their only legal recourse -- you cannot have international organizations subject to the whims of every nation in the world that the internet reaches.

Yes and no. What you are saying sounds dangerously close to claiming Facebook is completely above the law (of every country) and can do whatever the fuck it likes just because it is multinational. Unless we establish a planet wide government (which is a bad idea anyway), I don't think corporate immunity to prosecution in all jurisdictions is a good idea.

BTW, companies are usually subject to the laws of countries that it chooses to do business in. IANAL, but Facebook could have just made "Country" a mandator

Member States shall guarantee every data subject the right to obtain from the controller:
(a) without constraint at reasonable intervals and without excessive delay or expense:
- confirmation as to whether or not data relating to him are being processed and information at least as to the purposes of the processing, the categories of data concerned, and the recipients or categories of recipients to whom the data are disc

After reading TFA and the fine website of Europe vs Facebook [europe-v-facebook.org] it turns out they are honoring the European (Irish) law and sending CDs with personal info to whoever requests them; the kind of data they're refusing to hand over is:

"Data like the biometrical information or ”likes” are seen at trade secret, intellectual property or are simply too complicated to send to users according to Facebook."

It raises the question whether it's reasonable to request from them information such as your "likes". It sounds to me like asking a company to hand you over a log with your phone calls and email exchanges; I don't think they have that obligation.

However they do have exceptions for data that is commercially sensitive, though it's a very narrow definition and not something you can easily use as a blanket "get out" clause. If in doubt, file a complaint with your Information Commissioner's office (or local equivalent) as they will quite quickly be able to rule on whether or not Facebook or justifiably invoking the Trade Secret option.

It raises the question whether it's reasonable to request from them information such as your "likes". It sounds to me like asking a company to hand you over a log with your phone calls and email exchanges; I don't think they have that obligation.

If the company has kept a record of such events and linked them explicitly to your name, then it should count as personal data.

Can someone explain why "you are the product" translates to carte blanche for facebook to do what they want with your data? If the FBI maintains a file on me, using purely public information, do I not have a right to that information? I don't understand why "you are using this for free" translates to "you deserve whatever they do to you". If Facebook charged for their service, would I suddenly be entitled to more? So do products (aka users) have zero rights? Should we?

In the European Union personal data is protected by the Data Protection Directive [wikipedia.org], principle 6 which provides a legally guaranteed "access to private personal data" held by any third party.

Despite the Data Protection Act in the UK which generally requires disclosure and correction of personal information, financial institutions routinely refuse to give out information on things like decisions to turn down credit applications on the grounds that the proprietary algorithms they use to crunch your data are trade secrets. This even extends to the data sources they have consulted in addition to the personal information you provided them.

That is true for companies with which you have a contract that involves sending them personal information.

Whether Facebook and others like Google, Microsoft, etc. are bound by the DPD remains to be seen. They are not from a EU country and they did not sign a contract with you - I don't think there's an official client-provider relation between their users (especially their EU users) and them. Some court might try to force them to hand over the data on account of national laws but that's open to interpreta

Two can play at this game. Everybody place a legal notice in the paper that does essentially the same thing, except that you are simply claiming your own personal data. State that your data may not be used without a contract and payment subject to negotiation, and that you regard unsigned agreements as invalid. It may or may not stand up in court, but it'll be a helluva good show.

That won't work for adults since they can claim that as the owner of your personal data, you automatically give them a licence to use your data when you agreed to use their services. It might work for minors, since in many countries, minors are not allowed to sign contracts or give up rights, without parents' permission.

For adults, one can formally sign the complete rights to their personal information to a trusted individual (like a parent) or organization, before joining any social network service. Then